<html>
<head><meta charset="utf-8"><title>RustSec call graph analysis · wg-secure-code · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/index.html">wg-secure-code</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/RustSec.20call.20graph.20analysis.html">RustSec call graph analysis</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="171567081"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/RustSec%20call%20graph%20analysis/near/171567081" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/RustSec.20call.20graph.20analysis.html#171567081">(Jul 23 2019 at 23:52)</a>:</h4>
<p>Given the recent <code>RUSTSEC-2019-0011</code> shenanigans, I opened an issue about a potential integration between <code>cargo-audit</code> and Siderophile: <a href="https://github.com/RustSec/cargo-audit/issues/89" target="_blank" title="https://github.com/RustSec/cargo-audit/issues/89">https://github.com/RustSec/cargo-audit/issues/89</a></p>



<a name="171567135"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/RustSec%20call%20graph%20analysis/near/171567135" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/RustSec.20call.20graph.20analysis.html#171567135">(Jul 23 2019 at 23:52)</a>:</h4>
<p>/me and <span class="user-mention" data-user-id="130046">@Alex Gaynor</span> are on a slack with several of their employees including their CEO, so this seems like something we might be able to pull off <span aria-label="wink" class="emoji emoji-1f609" role="img" title="wink">:wink:</span></p>



<a name="171567146"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/RustSec%20call%20graph%20analysis/near/171567146" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/RustSec.20call.20graph.20analysis.html#171567146">(Jul 23 2019 at 23:53)</a>:</h4>
<p>cc <span class="user-mention" data-user-id="127617">@Shnatsel</span> since I think you recently mentioned Siderophile</p>



<a name="171567666"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/RustSec%20call%20graph%20analysis/near/171567666" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Tony Arcieri <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/RustSec.20call.20graph.20analysis.html#171567666">(Jul 24 2019 at 00:04)</a>:</h4>
<p>also opened an issue on their repo <a href="https://github.com/trailofbits/siderophile/issues/16" target="_blank" title="https://github.com/trailofbits/siderophile/issues/16">https://github.com/trailofbits/siderophile/issues/16</a></p>



<a name="171599648"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/146229-wg-secure-code/topic/RustSec%20call%20graph%20analysis/near/171599648" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Shnatsel <a href="https://rust-lang.github.io/zulip_archive/stream/146229-wg-secure-code/topic/RustSec.20call.20graph.20analysis.html#171599648">(Jul 24 2019 at 12:02)</a>:</h4>
<p>It sounds like splitting call graph analysis into a separate crate is the way to go. Many other things  could benefit from it, such rustsec and cargo-geiger</p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>